Beers, James W. wrote: > I have several FreeBSD machines acting as firewalls, all running IPF (v > 3 and 4). In the past, I would install FreeBSD off the most recent CD > from FreeBSD Mall, lock down the system, and run with it. Worked fine. > But alas, in my infinite wisdom, I needed to find out how to use cvsup > so that I could keep my systems up to date. > > I created a test server running FreeBSD 6.1 and ipfilter 4.1.11 compiled > into the kernel. Again, an install off the 6.1 CD. Then I played with > cvsup and refreshed the source tree. I dutifully recompiled and > installed the kernel. No problems noted. Then I rebooted. The system > rebooted and came up but I couldn't contact it with ssh. So I made way > to the server and noticed ipfilter's ruleset was empty. Of course, my > default stance for the firewall is BLOCKALL, so that answers why I > couldn't get to the server. I did an ipf -V and was told that ipfilter > was runnning but that I had a user/kernel version mismatch. The user > binaries are 4.1.11 and the kernel binaries are 4.1.13. I've poked > around on this list, Google Groups, and Google but I can't seem to find > (or I'm missing) the instructions for fixing this problem. > > So, short of blowing away the test server and starting all over again, > can someone direct me resources that can tell me how to fix this > problem?
Have you updated the whole src tree (have src-all collection in you supfile)? If so you probably did not run the build/installworld. See FreeBSD handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ - chapter 21). Michal
